Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)
Mon Feb 9 14:14:40 PST 2004
[overquoting a bit cuz this thread is stale, sorry]
* Jeff Waugh <email@example.com> [2004-02-04 16:21+1100]
> <quote who="Tilghman Lesher">
>
> > As others have already remarked, discarding emails automatically is a bad
> > thing. For those times when your filter catches a false positive, it's
> > better to bounce the message than to silently discard it, as, at the very
> > least, the sender will know that you didn't receive his/her message.
>
> Why would you have SMTP-time filters that might catch a false positive? How
> would you get a false positive of a forged-sender worm email when you're
> catching them on specific, identifiable chunks of the data?
>
> Anything that might get a false positive (such as virus scanners and spam
> detection software such as spamassassin) should immediately be relegated to
> post-MTA admin policy land, not SMTP-time MTA protection land.
>
> Discarding worm and spam emails is a good thing, and you can easily do that
> at SMTP time, using only the MTA, without any external daemons involved, and
> without false positives. Anything that gets past the MTA can happily go off
> to admin-defined policy fuckage or cleanage with all the resources required
> by your AV and anti-spam software (safely on disk and queued).

How do you easily discard spam at SMTP time in the MTA, without
(maybe contact me off-list; I think that knowledge is currently
worth a few billion dollars)

I agree that it's better to discard viruses that you can identify
reliably, but that still makes me uncomfortable.

Gerald Oskoboiny <firstname.lastname@example.org>